Wow, I remember Geocities. Been forever since I heard someone talk about it

14:39

bob hope

Does anyone have the link to remove your facebook profile or other social sites as well?

14:39

bob hope

Tripod had a page on there all written in Netscape Composer.

14:40

bob hope

http://onemilliontweetmap.com/

14:41

bob hope

lol

14:41

bob hope

Im never posting on social media again

14:41

bob hope

What day it is?

14:42

bob hope

It is "Today".

14:42

bob hope

LMAO @Shawn

14:43

bob hope

*facepalm

14:44

bob hope

Local Enforcement has similar tools for this.

14:44

bob hope

Wow - great tool!

14:44

bob hope

Who needs tools?It's all free

14:44

bob hope

cool site

14:44

bob hope

I want the NSA version

14:44

bob hope

Like.... specific tools

14:45

bob hope

https://app.echosec.net/

14:46

bob hope

wow

14:46

bob hope

nice!

14:46

bob hope

awsome

14:47

bob hope

how did they get my picture?? haha

14:47

bob hope

Holy Crap!!!! I'm glad I don't have any social media accounts

14:48

bob hope

can you filter on Username?

14:48

bob hope

gotta play around with this today

14:48

bob hope

Mind = Blown

14:49

bob hope

Can you pull up specific people through echosec?

14:49

bob hope

We've just tweeted someone back who was at out shopping center (mall) a few minutes ago. He's shocked haha

14:50

bob hope

This is public sector software. Law Enforcement & Govt have for more. Tripware.

14:50

bob hope

"Hey @Dave! That Meeting in the conference room at 10am tomorrow" - things like that you can use

14:50

bob hope

This is a great way for identifying any rogue tweeters at work

14:50

bob hope

"Hey @ Dave Ugh, email is down AGAIN'

14:51

bob hope

Interesting way to look for leaks

14:52

bob hope

This is exactly why you should switch of Geo location on your apps. There is no real need for twitter or facebook to have it

14:52

bob hope

USPS does this rogue social media behavior and cracking down on it.

14:54

bob hope

Wow, someone in my area even tweeting about their court date.

14:54

bob hope

LOL @Dave.

14:54

bob hope

Spokeo I use.

14:54

bob hope

What we can discover about our neighbours...

14:55

bob hope

If your looking for someone specific, as was the persons question. Wouldn't you just look up their profile directly?

14:55

bob hope

Think I just need to go off the GRID

14:55

bob hope

http://www.zabasearch.com/

14:55

bob hope

@David L: No, just be more careful.

14:56

bob hope

Thanks Mike

14:56

bob hope

Hey my neighbor just trash talked me! LOL JK

14:57

bob hope

@Mountain D Mike - Is your number the one ending 89 or 43?

14:57

bob hope

A lot of those DB are stale.

14:57

bob hope

only joking

14:57

bob hope

Someone with similar name

14:57

bob hope

For the UK http://www.192.com/ is helpful to find info from electoral register that people may not realise is still out there

14:57

bob hope

RMS is another DB that Law Enforcement uses.

14:58

bob hope

It's true.. .I could find a picture of him even

14:58

bob hope

@Michala - I for one have always been ex-directory and I'm from the UK

14:59

bob hope

Do you register to vote?

14:59

bob hope

whitepages

14:59

bob hope

What are the steps to keep yourself off these sites?

14:59

bob hope

Yeah. But keep off the public electrol. No need to be on that unless you want double glazing

14:59

bob hope

Go off the grid!

15:00

bob hope

@David B I'm already so paranoid I do not apply for loyalty cards

15:00

bob hope

So you opt-out of the register. But prior to 2002 that option wasn't available and some of these sites still publish the old data

15:00

bob hope

rofl, i found my dog on pinterest

15:00

bob hope

yeah I've tried to quite facebook like 3 times in the past couple years. my wife keeps pulling me back in so she can tag me in stuff

15:00

bob hope

Prior to 2002 I didn't register for that reason

15:00

bob hope

heh @Brian where did you take him when you took him out earlier>?

15:00

bob hope

@Mike P Sensible guy

15:01

bob hope

Voting + ID = Jury Duty.

15:01

bob hope

Moving house is one of the best things you can do

15:01

bob hope

@Sean - Thanks for the paranoia. I will cherish it forever

15:01

bob hope

With my data protection hat on I was always getting letters from people about receiving spam because they hadn't opted out of the register

15:02

bob hope

In our state they can use DMV rolls

15:02

bob hope

I've just thrown my wallet and phone in the fire

15:02

bob hope

@James Voting is a duty. Jury duty is one of the prices I am willing to pay.

15:02

bob hope

@Philip really, that's public?

15:02

bob hope

We'll all go off and be hermits after this course!

15:02

bob hope

To the circuit court clerk it is definitely public

15:03

bob hope

@Mike P lol. Sometimes I want to be a hermit

15:03

bob hope

I don't mind doing it never been called and will not. I'm visually impaired and would compromise a case.

15:03

bob hope

I've run out of mesh. Just one wall to cover

15:03

bob hope

In some states the DMV sells the information to mailing lists

15:03

bob hope

@ David I agree with you. It is a duty I am willing to do as a citizen

15:03

bob hope

Power and electrical companies sell new connections information

15:04

bob hope

@James P roger that. Also one of the reasons I spent time in the military.

15:05

bob hope

wonder if it would be a good thing to bring a portfolio of the manager that is interviewing me next week for a job?

15:05

bob hope

Only been called up once, bounced off because my wife relative was the lead officer for the case

15:05

bob hope

I can not serve in the military so I am grateful for those that do. Thank you

15:06

bob hope

At the interview for the job I just got, they asked me how I'd hack them. I had done some social media searches on the interview panel and the end result got me the job so it can work

15:06

bob hope

I hate when work gets in the way of learning. Phone won't quit ringing.

15:06

bob hope

That was for Michael G

15:06

bob hope

will the links be in the usual show notes

15:06

bob hope

Nice @Michala

15:06

bob hope

@Michael he'll either hire you or throw you out the door

15:06

bob hope

she

15:06

bob hope

@Michala - way to go

15:07

bob hope

@Michael They are probably going to do it to you so why not return the favor

15:07

bob hope

or she

15:07

bob hope

The disadvantage of what I did is identifying that one of the directors puts far too much information about what they are ding in their technical environment on twitter - I have to address that pronto when I start

15:07

bob hope

Why I limit my posts to hobbies or volunteer work

15:08

bob hope

Sorry guys been nosy on some of you already

15:08

bob hope

@Mike P Surely not

15:08

bob hope

Well, my area.... surprised me. Not too much social media going on. Wonder if it's because I live in the south....

15:08

bob hope

I'm getting addicted to echosec LOL

15:09

bob hope

Your a BCS member Michala?

15:09

bob hope

There is just so much public info out there. People just search your name in the county records if you own a house for example

15:10

bob hope

@Mike P yes

15:10

bob hope

It's also by the way people worth asking companies and councils for freedom of information stuff

15:10

bob hope

@Shawn South of the US?

15:10

bob hope

you will be surprised at what they have to legally tell you

15:11

bob hope

I knew it, work would call me today!

15:11

bob hope

@Mike P Oh yes, great tip. I trawled the FOI disclosure logs of my former company on a regular basis to check if anything got out. Unfortunately also a common form of data breach

15:11

bob hope

Remember any non profit has to release their tax returns. Makes interesting reading, especially the salaries of those who earn over a certain amount

15:11

bob hope

@Mike P Did you see that as of yesterday National Rail is now in scope of FOI?

15:12

bob hope

Yep. lol

15:14

bob hope

@Mike P Do you just say "Give me your freedom of information stuff" or is there a process?

15:14

bob hope

Hmmm... echosec doesnt seem to be showing me twitter

15:14

bob hope

I'm only getting flickr

15:14

bob hope

Normally a process.

15:14

bob hope

create a rectangle then you'll see it.

15:15

bob hope

Public sectors normally have a form on a site to fill in

15:15

bob hope

@Mike P Thanks

15:15

bob hope

My wife had one once sent in, someone asking the amount of money spent on pens in a year

15:15

bob hope

lol

15:16

bob hope

For the dog lovers, this is my Pacino: https://www.pinterest.com/pin/119908408800960108/

15:16

bob hope

With Echosec - if you use polygon select how do you close the polygon?

15:16

bob hope

Nice dog @Brian

15:16

bob hope

double click on the last one

15:16

bob hope

@Brian, cool looking dog

15:17

bob hope

I have a Corgi

15:17

bob hope

Cool @Brian. I have 3 ankle biters myself.

15:17

bob hope

echo polygon - double-click

15:17

bob hope

Right click brings up menu for browser

15:17

bob hope

@James, 3? Wow, I only can do one dog at a time!

15:17

bob hope

double click closes and searches

15:18

bob hope

That is the wifey doing not mine.

15:18

bob hope

Aha - thanks Mike

15:18

bob hope

Not happy about it either

15:18

bob hope

@James, that is how I got my dog. I got back from an international trip and there he was!

Social engineering seems to encompass every old con-man confidence scheme that has been around since the beginning of human society. Gain someones trust, confidence, etc to get or take something from them.

15:33

bob hope

@Creigh Exactly

15:33

bob hope

One lesson I learned in 82nd. NO ID NO ACCESS. Never ever be afraid to deny entry to someone.

15:33

bob hope

I don't even have card access to the building since I'm a telecommuter, I need to bug the guard when I need to get my mail

15:33

bob hope

I walk people so someone I know who will vouch for the tailgater. Most people understand and thank you

15:34

bob hope

at my previous place of work I was able to walk in without my badge, and get through the entire day without needing one.

Yeah, I think there is an example in the book that played on sympathy as well. Something like my kid spilled something on my last printed resume and I need this job so can you print this out for me

15:47

bob hope

you want the to work for it

15:47

bob hope

@Darryl, I'm with you there

15:47

bob hope

Still breakfast hour for me too

15:47

bob hope

Here's the link to the micro expressions stuff that Lie to me was about if anyone wants to look into further: http://www.paulekman.com/micro-expressions/

15:48

bob hope

See you guys after lunch

15:48

bob hope

ok, see you after breakfast

15:48

bob hope

Thanks @Michala that is very interseting

15:48

bob hope

Gonna look for something to nibble on. BRB in a few.

15:48

bob hope

Thanks all. Great fun. Make sure you;'ve backed up your OneNote

15:48

bob hope

would take a lot of practice to get it down like he did in the show

15:48

bob hope

in case anyone does not know what a rubberDucky USB stick is http://hakshop.myshopify.com/products/usb-rubber-ducky-deluxe?variant=353378649

15:50

bob hope

Need a case on the rubber ducky that says logitech or Microsoft so they think it is a receiver for USB keyboard

15:50

bob hope

@Darryl Thanks

15:50

bob hope

I have an older Ducky, works great!

15:50

bob hope

The quick guide to microexpressions without forking out money: http://www.scienceofpeople.com/2013/09/guide-reading-microexpressions/

15:50

bob hope

Rubber Ducks great, but most large companies have already cut those dead. Hard handed way, disable USB altogether. Or more commonly try to mitigate the attack by cutting the execution of the script

15:51

bob hope

Thanks @Darryl

15:51

bob hope

Hak5 is a great Podcast

15:51

bob hope

Thats the way we do at our clients. @ Mike P

15:52

bob hope

I use them for internal training, good to drop in company public area, labeled "Pictures" she who plugs it in!

15:53

bob hope

A thanks to Jason for putting up that information in the lower third, it really helps.

15:57

bob hope

Another good book again by Chris Handnagy for Micro Expression , with the help of Dr Paul Echam who discovered them is http://www.amazon.co.uk/Unmasking-Social-Engineer-Element-Security/dp/1118608577/ref=asap_bc?ie=UTF8

15:58

bob hope

@Darryl thanks, adding to reading list

15:58

bob hope

Btw, has any one here done the EC Council incident handler cert and have views on it they are willing to share?

15:58

bob hope

Great show!

16:00

bob hope

good show! ready for the next.

16:00

bob hope

AFK

16:03

bob hope

@Mike P Just did that phishing test - YOU'RE A PHISH-SPOTTING NINJA! YOU CORRECTLY IDENTIFIED 14 OUT OF 14 SITES IN THE OPENDNS PHISHING QUIZ - phew!

16:07

bob hope

That would be a good one to have employees do.

16:08

bob hope

haha I got 14 as well

16:08

bob hope

@ Michael yes they would benefit the most.

16:09

bob hope

It's worth even making one relevant for your company. Altering the company intranet/website and emails to test the employees

16:09

bob hope

I like the first one yahoo mail is upgrading with a google address LOL

16:10

bob hope

@Mike P that is a good idea.

16:10

bob hope

good thought

16:11

bob hope

Haha, I make the suggestion to my company that we should have our clients do that test and my dispatcher replies "The resutls may be quite depressing."

16:11

bob hope

I missed the American Airlines phish, I was going through it too quick.

16:11

bob hope

Has anyone had any success with the spt toolkit? It was an open source phishing education tool but I never got it working correctly to manage multiple campaigns

16:14

bob hope

Never tried it.

16:19

bob hope

Not heard of that

16:20

bob hope

looks like it's discontinued

16:25

bob hope

Mmmm mexican food

16:27

bob hope

Rob got a new high score?

16:28

bob hope

I'm married to a Mexican Shawn, so everything she cooks is "Mexican food".

16:30

bob hope

mmm, sounds good, when should I come over? haha

16:31

bob hope

depends on what she or david is preparing tonight... what on the menu this evening David

16:32

bob hope

Most of it is good (I know how to cook too), but she uses more oil than necessary.

16:32

bob hope

i think Rob is in 3rd place

16:32

bob hope

I cooked a bunch of pork on Saturday (and just heated up some for lunch right now).

16:34

bob hope

It's been hard teaching a Mexican family that you don't use a metal fork on Teflon (TM), then you don't need so much cooking oil.

16:37

bob hope

hahah @David

16:37

bob hope

Where are you Nate?

16:38

bob hope

haha

16:40

bob hope

My Chromecast is still infrequently dropping the cast.

16:41

bob hope

Is it the latest build causing issues dave?

16:41

bob hope

Or you have them before tomorrow

16:41

bob hope

No, it is probably the corporate network.

16:43

bob hope

I don't have any casting problems or my DSL line, but it has been too slow to see an unbuffered presentation from IT Pro.

I even learned empirically the "Windows 8.1 with Bing" comes with PS4.0, and can't be upgraded to v5.0.

17:20

bob hope

At least I didn't wait through the looping "Preparing for setup" after an hour.

17:22

bob hope

@David I didn't know v5 came out yet

17:22

bob hope

stackoverflow is where you want to be looking for powershell or any code help really. The guys on their are superb

17:24

bob hope

It is a "Preview"/beta for 8.1 / S2012, part of the WMF package: http://www.microsoft.com/en-us/download/details.aspx?id=44987

17:24

bob hope

The best way to learn powershell is to actually use it though. So why not script out a whole new server build script. Setting up an AD domain, ACL's, DNS etc... Once you done that you will be Ninja!

17:24

bob hope

haha, that Kevin Mitnick video is awesome.

17:27

bob hope

It is. I've been enjoying it over mexican food

17:27

bob hope

I like how he hacks the prison phones .... made me lol

17:28

bob hope

havent gotten there yet, just heard about the McDonalds drive through hack.

17:28

bob hope

For many people, Taco Bell or burritos/hard shell tacos are "Mexican food".

17:29

bob hope

Most of the inmate phones now are done through "SECURUS".

17:31

bob hope

@Michael I have read his books and some of the stories he tells are great

17:31

bob hope

I bet

17:32

bob hope

geesh sean

17:33

bob hope

saving the human race instead of teaching

17:35

bob hope

TIL Sean is a timelord.

17:35

bob hope

@Sean I really like your book through Sybex no less, it is a nice informative read.

17:36

bob hope

I'm back.

17:37

bob hope

@Sean book arriving today looking forward to it.

17:37

bob hope

I will say this @David... i can only eat like 1 or two REAL mexican (corn) tortillas

17:38

bob hope

GERONIMO!

17:39

bob hope

Wibbly Wobbly Security?

17:39

bob hope

Awesome

17:39

bob hope

Hi all! I couldn't make it earlier, what did I miss?

17:40

bob hope

In other news, I have the awesome Star Trek Enterprise Pizza Cutter downstairs

17:40

bob hope

You missed how to pull tweets from a geolocation

17:40

bob hope

cool

17:40

bob hope

I h ave the pizza cutter too! hehe

17:40

bob hope

What time are we starting again?

17:41

bob hope

@Mike R lovely isn't it?

17:41

bob hope

I have one

17:41

bob hope

@mike w.... nowish

17:41

bob hope

Well it was until my mother in law cleaned it with a scrub brush...

17:41

bob hope

now it's all scratched up

17:41

bob hope

Eek, sacrilege

17:41

bob hope

ish?

17:41

bob hope

sp

17:41

bob hope

Most folks don't realize the original sound effects for Star Trek were done on a Yamaha Organ

17:41

bob hope

thanks

17:42

bob hope

I fully support Theme Week. I want to see Don show up in a Harry Potter costume lol

17:42

bob hope

(I mean, it fits)

17:42

bob hope

The transporter was chrismas lights.

17:44

bob hope Sandez

made it

17:44

bob hope

And not very many buttons on their consoles.

17:44

bob hope

hahahahaha

17:46

bob hope

You got it, rule of thirds!

17:46

bob hope

Use those all of the time.

17:47

bob hope

FB WILL STRIP THIS INFO.

17:48

bob hope

Konica Minolta... good copiers lol

17:48

bob hope

G+ will not, they will keep it.

17:48

bob hope

They caught John McAfee through geotagging

17:48

bob hope

LOL

17:48

bob hope

That's right though.

17:49

bob hope

in McAfee's case it was the journalist who posted it, not him

17:49

bob hope

Yeah, but small companies will put pictures from their phones, or other cameras, on their websites. That's not secure

17:50

bob hope

You can also identify the camera because cameras have fingerprints, usually pixels that get damaged over time

17:51

bob hope

CSI Cyber Used these last week with the Mustache Taxi episode...

17:51

bob hope

< I'm shaking my head too!! LoL >

17:51

bob hope

Appraiser uses that a l ot

17:51

bob hope

House appraisers

17:52

bob hope

I want timestamps

17:53

bob hope

Great, now I have to take all my online photos down

17:54

bob hope

Hmm... is this one any good Sean? http://www.geocreepy.com/

17:54

bob hope

https://www.paterva.com/web6/

17:54

bob hope

Yep ran that @Michala

17:55

bob hope

Yo ho....

17:55

bob hope

Would you recommend it James O?

17:55

bob hope

Somebody's watchin' me!

17:56

bob hope

I messed with that a few months ago.

17:56

bob hope

cool

17:57

bob hope

thats kewl

17:57

bob hope

where am i

17:57

bob hope

does it drill down to connections??

17:57

bob hope

nodal

17:57

bob hope

Did IT Pro TV contract with Sean to find all security vulnerabilities before these episodes?

17:58

bob hope

haha, thats what I was wondering @David

17:58

bob hope

or maybe this is the test...

17:58

bob hope

this looks internal though

17:59

bob hope

Does it matter that Sean's microphone is upside down?

17:59

bob hope

that will be very educational, hacking ITPro.tv

17:59

bob hope

HOLY CRAP

18:00

bob hope

@Stanley no. it's an omnidirectional mic

18:00

bob hope

but you are inside the network.

18:00

bob hope

I assume Internal verses External creates different results

18:00

bob hope

Would you get the same results from the internet as opposed to internal?

18:00

bob hope

It's actually working better for hime upside down than it did right side up

18:00

bob hope

I'm salivating right now. Too Sweet!

18:01

bob hope

LOL

18:01

bob hope

hehe

18:01

bob hope

itpro.tv resolves to the web server, so it depends on where it's hosted

18:01

bob hope

olvidosplace.net

18:02

bob hope

that's my website... i host is in a secure place

18:02

bob hope

people need to add it to their hosts file currently

18:02

bob hope

my website is nsa.org

18:02

bob hope

You can't hit it. NXDOMAIN.

18:02

bob hope

HAHAHAH

18:03

bob hope

They are on Google Apps for Work, but I think they are on AWS too.

18:03

bob hope

How about whitehouse.gov

18:04

bob hope

welll it was nice knowing you Philip

18:04

bob hope

0_0

18:04

bob hope

lol

18:04

bob hope

LOL

18:04

bob hope

LOL

18:05

bob hope

Q: Any SaaS that combine tools like this and shodan, etc???

18:06

bob hope

^^ I second that question

18:07

bob hope

A honeypot would be helpful in detecting something like this

18:07

bob hope

sounds like this is the tool tht does it

18:08

bob hope

It (maltego) should be powerful for the price

18:09

bob hope

fair enough revised question

18:09

bob hope

Question: Does Maltego also cross reference with Shodan?

18:10

bob hope

alias+name@gmail.com

18:10

bob hope

James, a lot of sites don't accept the + required for alias with gmail

18:11

bob hope

it's not like Gmail is going to read your email and use it in thier products.

18:11

bob hope

lol

18:11

bob hope

Q: Should the CEH have paid acounts for some of these "lookup" services?? I would think that the "Black-Hats" have paid for some lookup services...

18:11

bob hope

Can you strip the Geoinformation out of a picture after the fact?

18:12

bob hope

It's scary how much information is out there about me. I know I was shocked when I would google myself. Things have changed however, thankfully there are others with my name that are more popular than I

18:12

bob hope

yeah... I have a friend named tim jones

18:12

bob hope

hard to find

18:13

bob hope

KanyeWest seems to think the internet does "Takebacks"

18:13

bob hope

@Matthew it's amazing what you find. Apparently there is a judge in NZ with the same as mine

18:14

bob hope

I have book authors and criminal investigators, and doctors. I am none of these

18:14

bob hope

TOR is not as good as it used to be.

18:14

bob hope

are you going to demonstrate any of those "hiding" techniques?

18:14

bob hope

or am I?

18:14

bob hope

leaking info

18:15

bob hope

People don't understand this technology they use

18:15

bob hope

Dependent upon the budget of the attacker, Tor is definitely not anonymous anymore.

18:15

bob hope

Question: Is there a list of mac addresses you can access?

18:16

bob hope

I can't wait till I re-watch all the eps I have missed and such. This is what I want to do.

14:18

bob hope

@Sean or is this just covering the wide spectrum of footprinting, in no particular order

14:18

bob hope

@Shawn - I think it's just footprinting topics in general.

Mike P

@Shawn - I think it's just footprinting topics in general.

14:18

bob hope

Okay, thanks

14:18

bob hope

Who let the dog(s) out?

14:19

bob hope

Brian!

14:19

bob hope

hah

14:23

bob hope

Haha

14:23

bob hope

Okay, thanks!

14:23

bob hope

Brian Krebs has a very informative site for those who have not seen it yet http://krebsonsecurity.com/

14:24

bob hope

Thanks James

14:24

bob hope

The site I used for daily security news is : https://threatpost.com/

14:24

bob hope

I swear I have 20 Chrome tabs open right now with all of these links lol

14:24

bob hope

Thanks Mike

14:24

bob hope

NICE MIKE! I've been looking for something EXACTLY like that

14:24

bob hope

I am just keep a notepad open with them for later

14:25

bob hope

I'm bookmarking them all. Hope I can remember later what each one was for.

Wow, I remember Geocities. Been forever since I heard someone talk about it

14:39

bob hope

Does anyone have the link to remove your facebook profile or other social sites as well?

14:39

bob hope

Tripod had a page on there all written in Netscape Composer.

14:40

bob hope

http://onemilliontweetmap.com/

14:41

bob hope

lol

14:41

bob hope

Im never posting on social media again

14:41

bob hope

What day it is?

14:42

bob hope

It is "Today".

14:42

bob hope

LMAO @Shawn

14:43

bob hope

*facepalm

14:44

bob hope

Local Enforcement has similar tools for this.

14:44

bob hope

Wow - great tool!

14:44

bob hope

Who needs tools?It's all free

14:44

bob hope

cool site

14:44

bob hope

I want the NSA version

14:44

bob hope

Like.... specific tools

14:45

bob hope

https://app.echosec.net/

14:46

bob hope

wow

14:46

bob hope

nice!

14:46

bob hope

awsome

14:47

bob hope

how did they get my picture?? haha

14:47

bob hope

Holy Crap!!!! I'm glad I don't have any social media accounts

14:48

bob hope

can you filter on Username?

14:48

bob hope

gotta play around with this today

14:48

bob hope

Mind = Blown

14:49

bob hope

Can you pull up specific people through echosec?

14:49

bob hope

We've just tweeted someone back who was at out shopping center (mall) a few minutes ago. He's shocked haha

14:50

bob hope

This is public sector software. Law Enforcement & Govt have for more. Tripware.

14:50

bob hope

"Hey @Dave! That Meeting in the conference room at 10am tomorrow" - things like that you can use

14:50

bob hope

This is a great way for identifying any rogue tweeters at work

14:50

bob hope

"Hey @ Dave Ugh, email is down AGAIN'

14:51

bob hope

Interesting way to look for leaks

14:52

bob hope

This is exactly why you should switch of Geo location on your apps. There is no real need for twitter or facebook to have it

14:52

bob hope

USPS does this rogue social media behavior and cracking down on it.

14:54

bob hope

Wow, someone in my area even tweeting about their court date.

14:54

bob hope

LOL @Dave.

14:54

bob hope

Spokeo I use.

14:54

bob hope

What we can discover about our neighbours...

14:55

bob hope

If your looking for someone specific, as was the persons question. Wouldn't you just look up their profile directly?

14:55

bob hope

Think I just need to go off the GRID

14:55

bob hope

http://www.zabasearch.com/

14:55

bob hope

@David L: No, just be more careful.

14:56

bob hope

Thanks Mike

14:56

bob hope

Hey my neighbor just trash talked me! LOL JK

14:57

bob hope

@Mountain D Mike - Is your number the one ending 89 or 43?

14:57

bob hope

A lot of those DB are stale.

14:57

bob hope

only joking

14:57

bob hope

Someone with similar name

14:57

bob hope

For the UK http://www.192.com/ is helpful to find info from electoral register that people may not realise is still out there

14:57

bob hope

RMS is another DB that Law Enforcement uses.

14:58

bob hope

It's true.. .I could find a picture of him even

14:58

bob hope

@Michala - I for one have always been ex-directory and I'm from the UK

14:59

bob hope

Do you register to vote?

14:59

bob hope

whitepages

14:59

bob hope

What are the steps to keep yourself off these sites?

14:59

bob hope

Yeah. But keep off the public electrol. No need to be on that unless you want double glazing

14:59

bob hope

Go off the grid!

15:00

bob hope

@David B I'm already so paranoid I do not apply for loyalty cards

15:00

bob hope

So you opt-out of the register. But prior to 2002 that option wasn't available and some of these sites still publish the old data

15:00

bob hope

rofl, i found my dog on pinterest

15:00

bob hope

yeah I've tried to quite facebook like 3 times in the past couple years. my wife keeps pulling me back in so she can tag me in stuff

15:00

bob hope

Prior to 2002 I didn't register for that reason

15:00

bob hope

heh @Brian where did you take him when you took him out earlier>?

15:00

bob hope

@Mike P Sensible guy

15:01

bob hope

Voting + ID = Jury Duty.

15:01

bob hope

Moving house is one of the best things you can do

15:01

bob hope

@Sean - Thanks for the paranoia. I will cherish it forever

15:01

bob hope

With my data protection hat on I was always getting letters from people about receiving spam because they hadn't opted out of the register

15:02

bob hope

In our state they can use DMV rolls

15:02

bob hope

I've just thrown my wallet and phone in the fire

15:02

bob hope

@James Voting is a duty. Jury duty is one of the prices I am willing to pay.

15:02

bob hope

@Philip really, that's public?

15:02

bob hope

We'll all go off and be hermits after this course!

15:02

bob hope

To the circuit court clerk it is definitely public

15:03

bob hope

@Mike P lol. Sometimes I want to be a hermit

15:03

bob hope

I don't mind doing it never been called and will not. I'm visually impaired and would compromise a case.

15:03

bob hope

I've run out of mesh. Just one wall to cover

15:03

bob hope

In some states the DMV sells the information to mailing lists

15:03

bob hope

@ David I agree with you. It is a duty I am willing to do as a citizen

15:03

bob hope

Power and electrical companies sell new connections information

15:04

bob hope

@James P roger that. Also one of the reasons I spent time in the military.

15:05

bob hope

wonder if it would be a good thing to bring a portfolio of the manager that is interviewing me next week for a job?

15:05

bob hope

Only been called up once, bounced off because my wife relative was the lead officer for the case

15:05

bob hope

I can not serve in the military so I am grateful for those that do. Thank you

15:06

bob hope

At the interview for the job I just got, they asked me how I'd hack them. I had done some social media searches on the interview panel and the end result got me the job so it can work

15:06

bob hope

I hate when work gets in the way of learning. Phone won't quit ringing.

15:06

bob hope

That was for Michael G

15:06

bob hope

will the links be in the usual show notes

15:06

bob hope

Nice @Michala

15:06

bob hope

@Michael he'll either hire you or throw you out the door

15:06

bob hope

she

15:06

bob hope

@Michala - way to go

15:07

bob hope

@Michael They are probably going to do it to you so why not return the favor

15:07

bob hope

or she

15:07

bob hope

The disadvantage of what I did is identifying that one of the directors puts far too much information about what they are ding in their technical environment on twitter - I have to address that pronto when I start

15:07

bob hope

Why I limit my posts to hobbies or volunteer work

15:08

bob hope

Sorry guys been nosy on some of you already

15:08

bob hope

@Mike P Surely not

15:08

bob hope

Well, my area.... surprised me. Not too much social media going on. Wonder if it's because I live in the south....

15:08

bob hope

I'm getting addicted to echosec LOL

15:09

bob hope

Your a BCS member Michala?

15:09

bob hope

There is just so much public info out there. People just search your name in the county records if you own a house for example

15:10

bob hope

@Mike P yes

15:10

bob hope

It's also by the way people worth asking companies and councils for freedom of information stuff

15:10

bob hope

@Shawn South of the US?

15:10

bob hope

you will be surprised at what they have to legally tell you

15:11

bob hope

I knew it, work would call me today!

15:11

bob hope

@Mike P Oh yes, great tip. I trawled the FOI disclosure logs of my former company on a regular basis to check if anything got out. Unfortunately also a common form of data breach

15:11

bob hope

Remember any non profit has to release their tax returns. Makes interesting reading, especially the salaries of those who earn over a certain amount

15:11

bob hope

@Mike P Did you see that as of yesterday National Rail is now in scope of FOI?

15:12

bob hope

Yep. lol

15:14

bob hope

@Mike P Do you just say "Give me your freedom of information stuff" or is there a process?

15:14

bob hope

Hmmm... echosec doesnt seem to be showing me twitter

15:14

bob hope

I'm only getting flickr

15:14

bob hope

Normally a process.

15:14

bob hope

create a rectangle then you'll see it.

15:15

bob hope

Public sectors normally have a form on a site to fill in

15:15

bob hope

@Mike P Thanks

15:15

bob hope

My wife had one once sent in, someone asking the amount of money spent on pens in a year

15:15

bob hope

lol

15:16

bob hope

For the dog lovers, this is my Pacino: https://www.pinterest.com/pin/119908408800960108/

15:16

bob hope

With Echosec - if you use polygon select how do you close the polygon?

15:16

bob hope

Nice dog @Brian

15:16

bob hope

double click on the last one

15:16

bob hope

@Brian, cool looking dog

15:17

bob hope

I have a Corgi

15:17

bob hope

Cool @Brian. I have 3 ankle biters myself.

15:17

bob hope

echo polygon - double-click

15:17

bob hope

Right click brings up menu for browser

15:17

bob hope

@James, 3? Wow, I only can do one dog at a time!

15:17

bob hope

double click closes and searches

15:18

bob hope

That is the wifey doing not mine.

15:18

bob hope

Aha - thanks Mike

15:18

bob hope

Not happy about it either

15:18

bob hope

@James, that is how I got my dog. I got back from an international trip and there he was!

Social engineering seems to encompass every old con-man confidence scheme that has been around since the beginning of human society. Gain someones trust, confidence, etc to get or take something from them.

15:33

bob hope

@Creigh Exactly

15:33

bob hope

One lesson I learned in 82nd. NO ID NO ACCESS. Never ever be afraid to deny entry to someone.

15:33

bob hope

I don't even have card access to the building since I'm a telecommuter, I need to bug the guard when I need to get my mail

15:33

bob hope

I walk people so someone I know who will vouch for the tailgater. Most people understand and thank you

15:34

bob hope

at my previous place of work I was able to walk in without my badge, and get through the entire day without needing one.

Yeah, I think there is an example in the book that played on sympathy as well. Something like my kid spilled something on my last printed resume and I need this job so can you print this out for me

15:47

bob hope

you want the to work for it

15:47

bob hope

@Darryl, I'm with you there

15:47

bob hope

Still breakfast hour for me too

15:47

bob hope

Here's the link to the micro expressions stuff that Lie to me was about if anyone wants to look into further: http://www.paulekman.com/micro-expressions/

15:48

bob hope

See you guys after lunch

15:48

bob hope

ok, see you after breakfast

15:48

bob hope

Thanks @Michala that is very interseting

15:48

bob hope

Gonna look for something to nibble on. BRB in a few.

15:48

bob hope

Thanks all. Great fun. Make sure you;'ve backed up your OneNote

15:48

bob hope

would take a lot of practice to get it down like he did in the show

15:48

bob hope

in case anyone does not know what a rubberDucky USB stick is http://hakshop.myshopify.com/products/usb-rubber-ducky-deluxe?variant=353378649

15:50

bob hope

Need a case on the rubber ducky that says logitech or Microsoft so they think it is a receiver for USB keyboard

15:50

bob hope

@Darryl Thanks

15:50

bob hope

I have an older Ducky, works great!

15:50

bob hope

The quick guide to microexpressions without forking out money: http://www.scienceofpeople.com/2013/09/guide-reading-microexpressions/

15:50

bob hope

Rubber Ducks great, but most large companies have already cut those dead. Hard handed way, disable USB altogether. Or more commonly try to mitigate the attack by cutting the execution of the script

15:51

bob hope

Thanks @Darryl

15:51

bob hope

Hak5 is a great Podcast

15:51

bob hope

Thats the way we do at our clients. @ Mike P

15:52

bob hope

I use them for internal training, good to drop in company public area, labeled "Pictures" she who plugs it in!

15:53

bob hope

A thanks to Jason for putting up that information in the lower third, it really helps.

15:57

bob hope

Another good book again by Chris Handnagy for Micro Expression , with the help of Dr Paul Echam who discovered them is http://www.amazon.co.uk/Unmasking-Social-Engineer-Element-Security/dp/1118608577/ref=asap_bc?ie=UTF8

15:58

bob hope

@Darryl thanks, adding to reading list

15:58

bob hope

Btw, has any one here done the EC Council incident handler cert and have views on it they are willing to share?

15:58

bob hope

Great show!

16:00

bob hope

good show! ready for the next.

16:00

bob hope

AFK

16:03

bob hope

@Mike P Just did that phishing test - YOU'RE A PHISH-SPOTTING NINJA! YOU CORRECTLY IDENTIFIED 14 OUT OF 14 SITES IN THE OPENDNS PHISHING QUIZ - phew!

16:07

bob hope

That would be a good one to have employees do.

16:08

bob hope

haha I got 14 as well

16:08

bob hope

@ Michael yes they would benefit the most.

16:09

bob hope

It's worth even making one relevant for your company. Altering the company intranet/website and emails to test the employees

16:09

bob hope

I like the first one yahoo mail is upgrading with a google address LOL

16:10

bob hope

@Mike P that is a good idea.

16:10

bob hope

good thought

16:11

bob hope

Haha, I make the suggestion to my company that we should have our clients do that test and my dispatcher replies "The resutls may be quite depressing."

16:11

bob hope

I missed the American Airlines phish, I was going through it too quick.

16:11

bob hope

Has anyone had any success with the spt toolkit? It was an open source phishing education tool but I never got it working correctly to manage multiple campaigns

16:14

bob hope

Never tried it.

16:19

bob hope

Not heard of that

16:20

bob hope

looks like it's discontinued

16:25

bob hope

Mmmm mexican food

16:27

bob hope

Rob got a new high score?

16:28

bob hope

I'm married to a Mexican Shawn, so everything she cooks is "Mexican food".

16:30

bob hope

mmm, sounds good, when should I come over? haha

16:31

bob hope

depends on what she or david is preparing tonight... what on the menu this evening David

16:32

bob hope

Most of it is good (I know how to cook too), but she uses more oil than necessary.

16:32

bob hope

i think Rob is in 3rd place

16:32

bob hope

I cooked a bunch of pork on Saturday (and just heated up some for lunch right now).

16:34

bob hope

It's been hard teaching a Mexican family that you don't use a metal fork on Teflon (TM), then you don't need so much cooking oil.

16:37

bob hope

hahah @David

16:37

bob hope

Where are you Nate?

16:38

bob hope

haha

16:40

bob hope

My Chromecast is still infrequently dropping the cast.

16:41

bob hope

Is it the latest build causing issues dave?

16:41

bob hope

Or you have them before tomorrow

16:41

bob hope

No, it is probably the corporate network.

16:43

bob hope

I don't have any casting problems or my DSL line, but it has been too slow to see an unbuffered presentation from IT Pro.

I even learned empirically the "Windows 8.1 with Bing" comes with PS4.0, and can't be upgraded to v5.0.

17:20

bob hope

At least I didn't wait through the looping "Preparing for setup" after an hour.

17:22

bob hope

@David I didn't know v5 came out yet

17:22

bob hope

stackoverflow is where you want to be looking for powershell or any code help really. The guys on their are superb

17:24

bob hope

It is a "Preview"/beta for 8.1 / S2012, part of the WMF package: http://www.microsoft.com/en-us/download/details.aspx?id=44987

17:24

bob hope

The best way to learn powershell is to actually use it though. So why not script out a whole new server build script. Setting up an AD domain, ACL's, DNS etc... Once you done that you will be Ninja!

17:24

bob hope

haha, that Kevin Mitnick video is awesome.

17:27

bob hope

It is. I've been enjoying it over mexican food

17:27

bob hope

I like how he hacks the prison phones .... made me lol

17:28

bob hope

havent gotten there yet, just heard about the McDonalds drive through hack.

17:28

bob hope

For many people, Taco Bell or burritos/hard shell tacos are "Mexican food".

17:29

bob hope

Most of the inmate phones now are done through "SECURUS".

17:31

bob hope

@Michael I have read his books and some of the stories he tells are great

17:31

bob hope

I bet

17:32

bob hope

geesh sean

17:33

bob hope

saving the human race instead of teaching

17:35

bob hope

TIL Sean is a timelord.

17:35

bob hope

@Sean I really like your book through Sybex no less, it is a nice informative read.

17:36

bob hope

I'm back.

17:37

bob hope

@Sean book arriving today looking forward to it.

17:37

bob hope

I will say this @David... i can only eat like 1 or two REAL mexican (corn) tortillas

17:38

bob hope

GERONIMO!

17:39

bob hope

Wibbly Wobbly Security?

17:39

bob hope

Awesome

17:39

bob hope

Hi all! I couldn't make it earlier, what did I miss?

17:40

bob hope

In other news, I have the awesome Star Trek Enterprise Pizza Cutter downstairs

17:40

bob hope

You missed how to pull tweets from a geolocation

17:40

bob hope

cool

17:40

bob hope

I h ave the pizza cutter too! hehe

17:40

bob hope

What time are we starting again?

17:41

bob hope

@Mike R lovely isn't it?

17:41

bob hope

I have one

17:41

bob hope

@mike w.... nowish

17:41

bob hope

Well it was until my mother in law cleaned it with a scrub brush...

17:41

bob hope

now it's all scratched up

17:41

bob hope

Eek, sacrilege

17:41

bob hope

ish?

17:41

bob hope

sp

17:41

bob hope

Most folks don't realize the original sound effects for Star Trek were done on a Yamaha Organ

17:41

bob hope

thanks

17:42

bob hope

I fully support Theme Week. I want to see Don show up in a Harry Potter costume lol

17:42

bob hope

(I mean, it fits)

17:42

bob hope

The transporter was chrismas lights.

17:44

bob hope Sandez

made it

17:44

bob hope

And not very many buttons on their consoles.

17:44

bob hope

hahahahaha

17:46

bob hope

You got it, rule of thirds!

17:46

bob hope

Use those all of the time.

17:47

bob hope

FB WILL STRIP THIS INFO.

17:48

bob hope

Konica Minolta... good copiers lol

17:48

bob hope

G+ will not, they will keep it.

17:48

bob hope

They caught John McAfee through geotagging

17:48

bob hope

LOL

17:48

bob hope

That's right though.

17:49

bob hope

in McAfee's case it was the journalist who posted it, not him

17:49

bob hope

Yeah, but small companies will put pictures from their phones, or other cameras, on their websites. That's not secure

17:50

bob hope

You can also identify the camera because cameras have fingerprints, usually pixels that get damaged over time

17:51

bob hope

CSI Cyber Used these last week with the Mustache Taxi episode...

17:51

bob hope

< I'm shaking my head too!! LoL >

17:51

bob hope

Appraiser uses that a l ot

17:51

bob hope

House appraisers

17:52

bob hope

I want timestamps

17:53

bob hope

Great, now I have to take all my online photos down

17:54

bob hope

Hmm... is this one any good Sean? http://www.geocreepy.com/

17:54

bob hope

https://www.paterva.com/web6/

17:54

bob hope

Yep ran that @Michala

17:55

bob hope

Yo ho....

17:55

bob hope

Would you recommend it James O?

17:55

bob hope

Somebody's watchin' me!

17:56

bob hope

I messed with that a few months ago.

17:56

bob hope

cool

17:57

bob hope

thats kewl

17:57

bob hope

where am i

17:57

bob hope

does it drill down to connections??

17:57

bob hope

nodal

17:57

bob hope

Did IT Pro TV contract with Sean to find all security vulnerabilities before these episodes?

17:58

bob hope

haha, thats what I was wondering @David

17:58

bob hope

or maybe this is the test...

17:58

bob hope

this looks internal though

17:59

bob hope

Does it matter that Sean's microphone is upside down?

17:59

bob hope

that will be very educational, hacking ITPro.tv

17:59

bob hope

HOLY CRAP

18:00

bob hope

@Stanley no. it's an omnidirectional mic

18:00

bob hope

but you are inside the network.

18:00

bob hope

I assume Internal verses External creates different results

18:00

bob hope

Would you get the same results from the internet as opposed to internal?

18:00

bob hope

It's actually working better for hime upside down than it did right side up

18:00

bob hope

I'm salivating right now. Too Sweet!

18:01

bob hope

LOL

18:01

bob hope

hehe

18:01

bob hope

itpro.tv resolves to the web server, so it depends on where it's hosted

18:01

bob hope

olvidosplace.net

18:02

bob hope

that's my website... i host is in a secure place

18:02

bob hope

people need to add it to their hosts file currently

18:02

bob hope

my website is nsa.org

18:02

bob hope

You can't hit it. NXDOMAIN.

18:02

bob hope

HAHAHAH

18:03

bob hope

They are on Google Apps for Work, but I think they are on AWS too.

18:03

bob hope

How about whitehouse.gov

18:04

bob hope

welll it was nice knowing you Philip

18:04

bob hope

0_0

18:04

bob hope

lol

18:04

bob hope

LOL

18:04

bob hope

LOL

18:05

bob hope

Q: Any SaaS that combine tools like this and shodan, etc???

18:06

bob hope

^^ I second that question

18:07

bob hope

A honeypot would be helpful in detecting something like this

18:07

bob hope

sounds like this is the tool tht does it

18:08

bob hope

It (maltego) should be powerful for the price

18:09

bob hope

fair enough revised question

18:09

bob hope

Question: Does Maltego also cross reference with Shodan?

18:10

bob hope

alias+name@gmail.com

18:10

bob hope

James, a lot of sites don't accept the + required for alias with gmail

18:11

bob hope

it's not like Gmail is going to read your email and use it in thier products.

18:11

bob hope

lol

18:11

bob hope

Q: Should the CEH have paid acounts for some of these "lookup" services?? I would think that the "Black-Hats" have paid for some lookup services...

18:11

bob hope

Can you strip the Geoinformation out of a picture after the fact?

18:12

bob hope

It's scary how much information is out there about me. I know I was shocked when I would google myself. Things have changed however, thankfully there are others with my name that are more popular than I

18:12

bob hope

yeah... I have a friend named tim jones

18:12

bob hope

hard to find

18:13

bob hope

KanyeWest seems to think the internet does "Takebacks"

18:13

bob hope

@Matthew it's amazing what you find. Apparently there is a judge in NZ with the same as mine

18:14

bob hope

I have book authors and criminal investigators, and doctors. I am none of these

18:14

bob hope

TOR is not as good as it used to be.

18:14

bob hope

are you going to demonstrate any of those "hiding" techniques?

18:14

bob hope

or am I?

18:14

bob hope

leaking info

18:15

bob hope

People don't understand this technology they use

18:15

bob hope

Dependent upon the budget of the attacker, Tor is definitely not anonymous anymore.

18:15

bob hope

Question: Is there a list of mac addresses you can access?

18:16

bob hope

I can't wait till I re-watch all the eps I have missed and such. This is what I want to do.

18:16

bob hope

awesome episode guys!

18:16

bob hope

Where is Maltego Carbon's main site? Never know which google link to click on that isn't malware

18:16

bob hope

https://www.paterva.com/web6/

18:17

bob hope

Have a good one all!

18:17

bob hope

no more shows for today?

18:17

bob hope

@Matthew https://www.paterva.com/web6/

18:17

bob hope

Great show

18:17

bob hope

like does Starbucks record your Mac address and sell the info

18:17

bob hope

Tor Not So Anonymous: http://twit.cachefly.net/audio/sn/sn0493/sn0493.mp3

18:17

bob hope

wow paterva doesn't even come up in the first 10

18:18

bob hope

bye

18:18

bob hope

ty guys!

18:18

bob hope

I wish I could get up at 5am to catch you guys

18:18

bob hope

I'm having troubles running it too.

18:18

bob hope

@Sean - How do you feel about VPN services, or proxy services... any favs?

18:19

bob hope

Hmm... this is interesting

18:19

bob hope

Using Maltego I can see which other websites are hosted by our third party provider

18:19

bob hope

TV time out lol

18:19

bob hope

would it be better to work, for example, in Public Libraries?

18:19

bob hope

Could be useful for independently verifying references from a procurement perspective

18:20

bob hope

@Sean, also Fabian's questions

18:20

bob hope

18:21

bob hope

We can hardly hear Sean

18:21

bob hope

his mic is muted

18:21

bob hope

ahhh

18:21

bob hope

I'm having work interrupt, IP address allocation.

18:21

bob hope

Plug in your mic Sean!

18:21

bob hope

or unplugged... one of the two

18:21

bob hope

Security camera DVRs.

18:22

bob hope

lol

18:22

bob hope

for hiding I think is what he meant

18:23

bob hope

@Sean - to hide your footprint

18:23

bob hope

so.... he is more a darker shade of white hat

18:23

bob hope

yeah - hear you! Wish I had some of the All in One forensic kits...

18:24

bob hope

ok, I need to drive home now

18:24

bob hope

just kidding.

18:24

bob hope

lol fabian

18:24

bob hope

Use McDonalds network

18:24

bob hope

local library SWATTED

18:25

bob hope

LOL

18:25

bob hope

Thanks guys

18:25

bob hope

@Sean - duyring initial client meetings, do you ever have the pessimistic decision maker who doesn't see the value of your service.... are there any paths you take to reel them in... show them the importance of this... or hell, even make them paranoid (like some of us have felt since you started showing us)

18:25

bob hope

during*

18:26

bob hope

I did a test where I got rid of my cell service and used a throwaway phone, if I needed network on my iphone (which had no cell service) I'd just find a starbucks, mcdonalds, or other free wifi

18:26

bob hope

Thanks guys, good session as always. Looking forward to getting into scanning

18:28

bob hope

IE: I see the value of this, but I'm an IT Professional with 10+ years of experience. Others might not see it... selling pts

18:28

bob hope

@ Matt... how did that go?

18:30

bob hope

I find your exposure to fines and Lawsuits moves mountains

18:31

bob hope

walk in and start the scan while you talk to them and then after your discussion turn your laptop around and say look at htis.

18:32

bob hope

@robins. and then go straigh to jail

18:32

bob hope

Do you ever recommend PR and goodwill. Are you less likely to get hacked if you are a liked company

18:32

bob hope

Do not pass go do not collect $200

18:32

bob hope

Proof is in the puddin sometimes I guess. Thanks for your time

18:32

bob hope

wow seriously? i am not the only person who works in my group, why do they all call me when i am at home

18:32

bob hope

have you been called to testified in court?

18:33

bob hope

@william well I survived a year and was only inconvienenced a few times where I thought "Dang it I wish I had a network now" It's amazing how we get attached to these devices and yet we really don't need them.

18:33

bob hope

I don't know if this was asked before

18:33

bob hope

My next experiement is going with a throwaway cellphone and leave it off unless in an emergency (off and battery removed.)

18:33

bob hope

getting SR management to own up to being vulnerable may be a big hurdle. constant denial.

18:34

bob hope

I wonder if Target was hacked simply because they had the name Target and they hackers thought it would be funny?

18:35

bob hope

Probably more to it than that James P.

18:35

bob hope

*the

18:35

bob hope

@Michael I am having the same problem here. Management wants all of the employees to go thru email security training but will not go thru it themselves

18:36

bob hope

hahahaha

18:36

bob hope

pieces of scat

18:36

bob hope

-not you @Jeff

18:36

bob hope

disgruntled current/former employees are a dangerous thing

18:37

bob hope

I hate Target

18:37

bob hope

It usually turns out that Upper management is a big vulnerability.

18:37

bob hope

Their return policy is ridiculous

18:37

bob hope

Thanks @Mike @Sean

18:38

bob hope

@Brian Yes, some great material over on https://www.cert.org/insider-threat/ regarding research

18:38

bob hope

You want to see something scary? I know of banks (and most banks do this) hire outside cleaning teams that when they are done they take the trash with them.

18:38

bob hope

I have one that will click on every link and open every attachment and thinks that since he is on a Mac nothing will happen to him

18:38

bob hope

Yep, worked with a dude he knew he was gonna get can. He went in and used hedge cutters and clipped all of the cables in the server room.

18:38

bob hope

I wonder how much sensitive info is in that trash, and what do theses cleaning services do with it.

18:38

bob hope

We had a company manager (thankfully former) that was always compromising his laptop.

18:39

bob hope

2JAMEs LOL

18:39

bob hope

@Jeff - I understand - And I feel you! ... ... ...

18:39

bob hope

I wish I had hacked Target... I'd be rich! ... In Jail, but Rich

18:39

bob hope

I almost had to go to the point of imaging his drive, so the rebuild would be easier.

18:40

bob hope

@James O that's crazy. At least they didn't do serious damage in terms of deleting data or AD trees etc

18:40

bob hope

It's why a lot of people hire contractors, so they can fire w/o cause.

18:40

bob hope

Crosscut personal shredder in my office Matthew.

18:41

bob hope

This was many years go. LIke 20 yrs.

18:41

bob hope

David: your office, how about your bank

18:41

bob hope

yeah ... I have a feeling that people at my old job are worried about that still... and it's been 2 weeks

18:41

bob hope

You know those little trash trays where you fill out deposit slips?

18:41

bob hope

I have way too much access just handed to me in all the different areas

18:41

bob hope

and as it turns out i need to go

18:41

bob hope

have you ever been called to testify in court?

18:41

bob hope

catch you later

18:41

bob hope

back

18:42

bob hope

My bank doesn't have a local branch, so it is all electronic transactions with them for me.

18:42

bob hope

But point taken.

18:42

bob hope

Not me. LOVE my job!

18:42

bob hope

David: I have considered that

18:42

bob hope

who doesnt complain about their jobs lol

18:42

bob hope

Vivian: I am sure you have complained about me a few times

18:42

bob hope

Snowden

18:42

bob hope

I'm back!

18:42

bob hope

Silent ones are the deadliest.

18:43

bob hope

0.0000001%

18:43

bob hope

Ha ha.

18:43

bob hope

18:43

bob hope

any know woman hacker?

18:44

bob hope

known

18:44

bob hope

Shannon Morse & Colleen Kelley.

18:44

bob hope

thats right!

18:44

bob hope

In many languages American == Lazy

18:44

bob hope

Navy sensitive document disposal in San Diego circa 25 years ago was to mulch it with a shredder driven by a V-8 engine, then incinerate the output....

18:45

bob hope

They are named Pat

18:45

bob hope

and Chris

18:45

bob hope

nope. no women hackers. move along.

18:45

bob hope

I never knew why they just didn't burn it from the beginning.

18:45

bob hope

apparently women are more stealthy

18:46

bob hope

pink hat hackers

18:46

bob hope

I was at a seminar with Peter Wood recently and he said his best social engineers were women

18:46

bob hope

feel like i ve given away the farm just registeringmaltego...

18:46

bob hope

Peggy calling

18:46

bob hope

He's right... people tell me lots of interesting things when they are trying to 'teach' me

18:47

bob hope

#NSA PickUp Lines..........

18:47

bob hope

Hit it guys!

18:47

bob hope

anxious to learn about scanning!

18:47

bob hope

@Deborah Nice one:)

18:47

bob hope

http://slowrobot.com/i/51361

18:48

bob hope

It's not always the best... you're right it has perks... but it's not always fun

18:49

bob hope

Speaking of shredding documents, anyone ever see that Iran reconstructed some documents that U.S. Embassy staff shredded before they had to be evacuated?

18:49

bob hope

@Sean Have you ever tried to anger someone to make them slip up?

18:50

bob hope

They were shredded into strips not cross cuts

18:50

bob hope

Still, "Better Call Saul" aside, that still is some work.

18:50

bob hope

nsa would bring in an archeologist to piece it back togehter..

18:51

bob hope

No, they just probably had a room of women in burkas doing it.

18:51

bob hope

Still need to put the stuff into an acid bath to disolve

18:52

bob hope

heat the house with it..

18:52

bob hope

@James P Interesting question

18:53

bob hope

what is a GREAT tool for doing screen capturing AND a running log of your activity taken during the engagement;

18:53

bob hope

http://www.bbc.com/news/magazine-16036967

18:53

bob hope

should we say agree?

18:53

bob hope

LOL @ Mike R.

18:54

bob hope

*fires up VM*

18:54

bob hope

I can't afford Sean, but I'd love to be pentested and given a report on how bad I am. (I know there are holes.)

18:54

bob hope

I agree to the disclaime

18:54

bob hope

18:54

bob hope

disclaimer*

18:55

bob hope

That BBC article shows that computers can be used to reconstruct shredded documents (David waves to NSA).

18:55

bob hope

Jason, thanks for fixing Sean's microphone. Now Mike and Sean's volume is closer to being at the same level. It is appreciated. The microphone pickup pattern was compromised when it was pointed at his feet.

18:56

bob hope

you are welcome. Sean is a n00b.

18:56

bob hope

he hasnt been called that in awhile,

18:58

bob hope

lol

19:00

bob hope

220, 221, whatever it takes

19:01

bob hope

ports are like a switchboard

19:02

bob hope

If you see something running on port 1337 or 31337, it's probably a backdoor...

19:02

bob hope

Or Ip address is the house address and ports are the doors, windows and chimney

19:02

bob hope

I need your book!!

19:03

bob hope

What is Port 80?

19:03

bob hope

/me smiles

19:03

bob hope

HTTP

19:03

bob hope

@Michala I might steal that for training.

19:03

bob hope

Please do

19:03

bob hope

Wait... I heard HTTP was malware

19:03

bob hope

Port 80 is ping @Matthew

19:04

bob hope

It usually is.

19:04

bob hope

JK

19:04

bob hope

and porn

19:04

bob hope

jk LOL

19:05

bob hope

multiplex 171 tcp/udp Network Innovations Multiplex

19:05

bob hope

but, there may be a new VUL tied to a port... and it may be a 0-Day - etc etc

19:05

bob hope

If you are good with computers, and used to work as a level 2 support specialist and small business ms server supporter for 1-100 users. Taken a 7 year break officially from IT work, where would start on certs if you want to be a IT security person (i.e.pentester)

19:05

bob hope

Fing on Android is great to map a network.

19:05

bob hope

^

19:07

bob hope

Fing is really helpful @JAmes

19:07

bob hope

Firewalls log these kinda utils

19:08

bob hope

Not necessarily if you're already inside the network.

19:08

bob hope

great. (unrelated to this topic) I am installing Itunes, so I can backup my phone before I wipe it. and Itunes needs authorization. I enter my credentials and get told "The iTunes store is temporarily unavailable." OY Vey.

19:09

bob hope

AngryIP scanner is helpful in scanning an internal network for a quick list of active IPs.

19:09

bob hope

nmap FTW

19:09

bob hope

@Matthew , buy the annual itpro subscription and just start going though all the courses, A+ Security + Network + - I'm in the same boat, picking back up - getting CAUGHT up on TODAYS techno. CCENT, CCNA - CEH, Incident Response etc

19:09

bob hope

haha, extra credit for me!

19:09

bob hope

Get it in writing!

19:10

bob hope

Already have the annual been on it for a year or maybe two.

19:10

bob hope

great port filtering with AngryIP as well.

19:10

bob hope

Did Sean have ITpro.tv sign a waiver before he started?

19:10

bob hope

http://angryip.org/

19:11

bob hope

@Michael: I don't have the $$$ to pay for all those certs! Holy crap that's at least $4000-$5000 in tests

19:11

bob hope

@Shawn thanks

19:11

bob hope

Fing will be mentally noted for when my Nexus 6 arrives, my RAZR M is chock full of too many apps right now.

19:11

bob hope

Advanced Port scanner was a quick useful tool too, but now a days it fails a lot on modern OSs.

19:11

bob hope

My HP printer shows 10 wireless (available) nodes

19:12

bob hope

Or don't respond to pings

19:12

bob hope

Do either of those tools do OS discovery?

19:12

bob hope

I see a mac!

19:12

bob hope

Wish I could get the 64Gb Nexus 6 version (since it can't have micro-SD cards).

19:12

bob hope

sometimes devices are there just not replying to pings...

19:13

bob hope

NMAP can do those deep scans.

19:13

bob hope

@David, you should put Kali Nethunter on your current Nexus...

19:13

bob hope

QUESTION: Would you "Go INTO" someones iPhone connected to a "Closed" network - as part of your engagement... to potentially find "stuff"??

19:13

bob hope

netcat

19:13

bob hope

I forgot about netcat.

19:13

bob hope

NMAP -sS -v 10.0.0.0/24

19:14

bob hope

I don't have it yet Shawn, and as long as I don't have to root it (because it is employer-provided).

19:14

bob hope

-sP for ping scan

19:14

bob hope

-sS is SYN scan

19:14

bob hope

Ah yeah @David, nevermind LOL

19:14

bob hope

ICMP traffic

19:15

bob hope

It's still being shipped, because even people on Neptune had it on their network before Verizon did.

19:15

bob hope

http://www.mcafee.com/us/downloads/free-tools/superscan.aspx

19:16

bob hope

I wouldn't want the white color (only if my arm were twisted more with no other options), but Verizon only has it in midnight blue & 32Gb internal storage.

19:17

bob hope

would you let Sean open your Cellphone

19:17

bob hope

Bonjour protocol is on

19:17

bob hope

Question: Are there ways to scan UDP ports? obviously not like TCP scans.

19:17

bob hope

that nails it

19:17

bob hope

If the AUP states that personal devices shouldn't be connected to the network then surely if people breach that it is fair cop?

19:17

bob hope

Michael: Sort of, depends on the protocol. But it isn't guranteed to be reliable.

19:18

bob hope

MNAP can scan UDP

19:18

bob hope

@James makes since since there is no back and forth like TCP

19:18

bob hope

There is no 'connection', so no handshake to see if a port is open. If the service responds to the packet, you might be able to get some info (e.g. a SIP VoIP server listening on 5060UDP

19:18

bob hope

^didnt mean "no" back and forth, but different

19:19

bob hope

BRB.

19:19

bob hope

thx @James

19:19

bob hope

NP!

19:19

bob hope

no expectation of privacy on a corp device... lots of folks take chances

19:19

bob hope

@Michala you are using reason and logic. To a "civillian" end user what ever they need to do to make life easy is fair.

19:20

bob hope

I is vulcan LLAP

19:20

bob hope

@Michala

19:20

bob hope

Michala is really T'pol.

19:20

bob hope

Seriously though, I guess it comes down to the agreements and education of those users up front

19:21

bob hope

Would any type of user policy factor in if the employee signed it when they started?

19:22

bob hope

syslog

19:22

bob hope

is it ok to Scan, just scan for example at an airport

19:22

bob hope

I think that regardless of policy signed, if there is no suspicion of criminal activity on the device, it would be tough to have legitimate grounds in the UK

19:22

bob hope

airport wifi

19:23

bob hope

AUP

19:23

bob hope

@Michala uers expecting privacy on personal devices is the reason we have a :public" and a secure wi-fi network. Personal devices can not connect to the secure wi-fi

19:23

bob hope

If the company even has a policy in place...

19:23

bob hope

We usually implement a Private, Guest and BYOD Wireless network with different policies accordingly.

19:23

bob hope

Private = company owned and managed devices only

19:23

bob hope

or a splash page on the wifi

19:24

bob hope

@David, that's how it was at my last contract. 2 networks.

19:24

bob hope

@David Agreed completely. I know that some of our users woudl still plug in phones to charge off USB port aalthough storage unaccessible

19:24

bob hope

Thanks guys!

19:25

bob hope

I caught the end of Mike talking about work-provided phones, I agree but I'm always told the FCC won't give me legal recourse for my employer-provided phone being on the Do Not Call Registry.

19:25

bob hope

thanks!!

19:25

bob hope

l8r gang my day is done. Looking forward to tomorrow

19:25

bob hope

what arcade machine is that? looks like donkey kong?

19:26

bob hope

a custom built MAME system

19:26

bob hope

@David Beem LOL!

19:27

bob hope

@james thats sweet... I was playing with a Pi looking to do the same

19:28

bob hope

@Caleb watch the PMI course. They use the arcade cabinet as the sample project

19:28

bob hope

I've wondered why we put out a second wireless network presumably for guest devices (but still with a WPA2 passphrase) when it hits the same DHCP pool.

19:28

bob hope

I still have to put on my mame games back on my machine.

19:29

bob hope

the cabinet is MAME on the back end and Hyper Spin on the front end

19:29

bob hope

@David: You can still implement ACLs to block traffic to LAN devices. Ideally it should be on it's own subnet, but something is better than nothing.

19:29

bob hope

@Sean - Are we going to boot up Kali anytime during the show?

19:29

bob hope

I thought about looking into the Pi arcade as well @Caleb

19:30

bob hope

Im still using the original one, really really want the new Pi2

19:30

bob hope

me 2, Ive got 2 PIs now. one is running a Zwave system I am testing out and the other I am going to setup for Echolink for my local Ham club

19:30

bob hope

I have two Pi 1s and two Pi2s.

19:31

bob hope

Still need to figure out what to do with them

19:31

bob hope

I want to try a PI2 for a media center

19:31

bob hope

XBMC

19:31

bob hope

The Pi1 ran it, but didnt mount my DVD isos very well

19:31

bob hope

o/ waves to Don as he walks by

19:31

bob hope

no more XBMC, now is Kodi

19:32

bob hope

Why did they change the name again?

19:32

bob hope

I guess I havent played with it for a few months. I'll check it out

19:32

bob hope

need a port of Kali on the Pi

19:32

bob hope

I think someone said there is. Don't know if that's true or not.

19:32

bob hope

Remeber guys, I am copying the chatlogs today and putting them on pastebin. Stick around and ill post the link after today's broadcast. I also have yesterday's, so if you need it, let me know

19:33

bob hope

http://docs.kali.org/kali-on-arm/install-kali-linux-arm-raspberry-pi

19:33

bob hope

I would like yeasterdays

19:33

bob hope

I love the convo about using a robot to shoot an home invader?

19:33

bob hope

o/ waves at Don again as he leaves.

19:33

bob hope

*yesterdays

19:34

bob hope

I can't wait to d/l this seriess

19:34

bob hope

Are the previous episodes available on Roku?

19:34

bob hope

series* (I am getting tired of my usb keyboard)

19:35

bob hope

http://pastebin.com/yJuuvvvv - link to yesterday's chat @Matthew

19:35

bob hope

they are on the Roku. Just got done with 'em

19:35

bob hope

Awesome, thanks Nate!

19:35

bob hope

OH kewl! ty Nathan.. I can go upstairs and watch from my easychair... (my officer still has a folding table and folding chair.)

19:35

bob hope

Audio just got muted

19:36

bob hope

They do that when they want to talk bad about the chatroom ...

19:36

bob hope

19:36

bob hope

We

19:36

bob hope

Nate is hopping fast, but I did hear Tim mention that deadline on the air.

19:36

bob hope

we're trying to hack a ISP in western New Mexico

19:36

bob hope

Wow you have done 7 shows already?

19:37

bob hope

in 2 days. bravo!

19:37

bob hope

only the best for our subscribers

19:37

bob hope

Hmm... instead of posting on Pastebin - could you post on the forum on ITpro instead? I'm not entirely keen about chat being posted on open internet.

19:38

bob hope

Sure, I can do that today Michala. I did that yesterday due to requests

19:38

bob hope

I like the idea of being able to refer back to the chat Shawn - just seems inconsistent with what we're learning here from a privacy perspective

19:38

bob hope

Michala & I think alike.

19:38

bob hope

Go to the northwest in New Mexico (Bug Bunny: "Right turn at Albuquerque"), in the southwest there is just a few of us.

19:38

bob hope

Thanks Shawn - appreciate it

19:38

bob hope

*Bugs*

19:38

bob hope

Yeah, we need to be able to make snarky comments without risk of being exposed...

19:39

bob hope

I also offered to just password the paste next time

19:39

bob hope

Yeah, like the stuff I posted yesterday.

19:39

bob hope

I hear Bork

19:40

bob hope

or Defender

19:40

bob hope

brb time to take the ankle biters out.

19:40

bob hope

that's it bezerk

19:40

bob hope

I knew I had heard that sound.

19:40

bob hope

Eh, my wife can see the live-stream on the Roku, but I don't think she has an account to see the chatroom.

19:40

bob hope

Do I have permission from ITpro.TV to paste the chat logs into the forum?

19:40

bob hope

Although - having said that I now see that the forums are all open to the internet

19:41

bob hope

I jsut searched my name and itpro and it came up with my old forum posts

19:41

bob hope

Yeah, the forum doesn't require an account to view and show up in google results

19:41

bob hope

As long as mines is crocheting she don't care what I put on.

19:41

bob hope

Nate should fix that

19:41

bob hope

However I did show her that IT Pro TV had Office 365 training videos.

19:41

bob hope

@James poke Nate some on that point!

19:42

bob hope

I guess until then a password it is?

19:42

bob hope

Yeah @Michala, I'll just do pastebin with a password of ITPro.tv

19:42

bob hope

ok downloading the first 7 eps available

19:43

bob hope

What? No 18 character password?

19:43

bob hope

@Shawn I assume you are joking re password?

19:43

bob hope

Just use ROT13 encryption

19:43

bob hope

And Jason, the network stuff really isn't my baby now, so as long as you don't affected my Internet access I'm not too worried.

19:43

bob hope

Talking smack about us again. Mics are off

19:43

bob hope

Yes, lol...

19:43

bob hope

Yup...

19:43

bob hope

It's a "Stupid User" video LOL

19:44

bob hope

Lowdown put that mic back on

19:44

bob hope

They are just taunting us.

19:44

bob hope

Give me that Nexus already, then I'll have a second path out anyway.

19:45

bob hope

This is me.... https://www.youtube.com/watch?v=nL24aNugo_4 ... this is what I do

19:45

bob hope

I could have sworn I had a VM of winxp... dang it

19:46

bob hope

Now I have to create one

19:46

bob hope

<-- needs to get better at storing and file management

19:47

bob hope

Anyone have a good software package that doesn't cost an arm and a leg that will do advanced cataloging of hard drives and even do md5 hash's of files to show you where duplicates are?

19:47

bob hope

I'd be interested in that too. Only ones I know cost an arm and a leg

19:48

bob hope

Welcome back

19:48

bob hope

Is this one of those "TV breaks"?

19:49

bob hope

Man my downloading is making the video buffer badly.

19:49

bob hope

I love Rural internet... (NOT)

19:50

bob hope

The boss is flashing red!!!

19:50

bob hope

When he hits it, I assume lol

19:50

bob hope

How expensive are the EC-Council iClasses? Anyone look at them?

19:51

bob hope

downloads throttled.

19:51

bob hope

ROFL Epic rap battle between Hodor and Groot

19:53

bob hope

ilearn = $1,899

19:54

bob hope

Wardialing oh I remember those days!

19:55

bob hope

Quick run for a candybar, I need some sugar.

19:56

bob hope

wow

19:58

bob hope

that's the self-paced version

19:58

bob hope

Unreliable Delivery Protocol.

19:58

bob hope

Ah, much better the chops are in the oven.

20:03

bob hope

I cooked a bunch of pork chops on Saturday James, still eating them.

20:03

bob hope

for the paste bin concerns here is the regex to anonymise the name with "fake name" (?<=\d\d:\d\d\r\n)\w+\s\w+

20:03

bob hope

Nothing lasts here.

20:04

bob hope

Wait... what @ Kevin?

20:04

bob hope

even *anonymize

20:05

bob hope

its regex to capture the names after the time and return, in notepad++ use regex find replace tool

20:05

bob hope

Nice!

20:06

bob hope

in replace with just stick in "bob hope" or whatever you fancy

20:07

bob hope

My connection is poor. Not sure if anyone's already mentioned shields up on grc.com for checking your ports. Great tool by steve